Google spies on Apple users

For being known as oh-so-impervious to outside attacks, it appears as if Apple Computers have let their guard down. It’s now been revealed that Apple’s Safari Web browser has been targeted for a security flaw. The culprit: Google.

A researcher at Stanford University identified an attempt by engineers at Google that allowed the search giants to bypass the privacy settings of users of the popular Safari browser, which comes standard on all Macs and iPhone devices. Not only did the little loophole allow Google to exploit millions of users of competing products, but it also means that those same millions had their Internet history unknowingly monitored by the not-so-small-time megacorporation.

Stanford University’s Jonathan Mayer stumbled upon a secret that was being employed by Google and a few lesser-known Silicon Valley companies. According to his research, Google and others were relying on code that allowed them to install cookies on the devices of users that browsed the Web on Apple’s Safari. Traditionally, Safari rejects third-party cookies, although a loophole allowed Google and others to install small text file that, while making browsing more seamless for users, also allowed the company to track Internet usage.

The Wall Street Journal was the first to pick up on Mayer’s research, and in a more blunt attempt at explaining the episode, writes that Google "used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users."

The code being used by Google and others worked through a loophole where cookies are allowed in instances of two-way conversation, such as with online forms that require submission. A script identified by Google allowed them to trick iPhones and other devices into thinking they were dealing with such sites, but in actually Google was forcing the user to accept a clandestine cookie that the search giant could then keep tabs on.

Google is responding that reports over the episode were exaggerated when in actuality they just aimed to increase functionality.

“The Journal mischaracterizes what happened and why,” responds Google Senior Vice President of Communications and Public Policy Rachel Whetstone. “We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information.”

Google claims that the script was created after the dawn of its G+ social networking community was launched. “[W]e created a temporary communication link between Safari browsers and Google's servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization,” writes Whestone. “But we designed this so that the information passing between the user's Safari browser and Google's servers was anonymous — effectively creating a barrier between their personal information and the web content they browse.

"However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information."

Some say that Google’s explanation isn’t necessary. Instead, they shouldn’t be relying on these tricks in the first place.

“Coming on the heels of Google’s controversial decision to tear down the privacy-protective walls between some of its other services, this is bad news for the company,” reads a statement published Thursday by the Electronic Frontier Foundation. “It’s time for Google to acknowledge that it can do a better job of respecting the privacy of Web users.”

It doesn’t end there, though. The EFF says that Apple is also to blame for not protecting the privacy of its own users. “Meanwhile, users who want to be safe against web tracking can't rely on Safari's well-intentioned but circumventable protections,” says the EFF.

Gizmodo.com reports that the security flaw was identified as early as 2010, and that Apple had ample time to address it.

The EFF calls the exploit “probably an unintended side-effect — of a system that Google built to pass social personalization information,” but even with Google apologized and now offering a remedy, it doesn’t mean that harm hasn’t been done. If anything, though, it was an attack against Apple in a war that Steve Jobs intended to declare himself. According to Walter Isaacson’s best-selling biography of the former Apple CEO, Jobs was outraged with Google and insisted on taking them out with his “last dying breath.”